Description

Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors related to login.

Remediation

References

CVE-2016-9404

Related Vulnerabilities

WordPress 5.6.x Multiple Vulnerabilities (5.6 - 5.6.2)

WordPress Plugin MP3-jPlayer Cross-Site Scripting (1.8.3)

Atlassian Jira CVE-2021-39123 Vulnerability (CVE-2021-39123)

XWiki Incomplete Cleanup Vulnerability (CVE-2023-36468)

WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-10101)

Severity

Medium

Classification

CVE-2016-9404 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities